Vulnerabilities rated critical and high security qualify for a payment of between $3,000 and $7,500, according to the program’s new guidelines.

Mozilla used to pay a flat amount, but it will now pay a variable amount depending on the quality of the report, the flaw’s severity and how easily it can be exploited.

Researchers with flaws rated “moderate” will be awarded between $500 and $2,000 depending on the risk, determined by Mozilla’s Bug Bounty Committee.

The organization is also promoting its Firefox Security Bug Bounty Hall of Fame, which has been live for a while but hadn’t been announced. The page gives public credit to those who’ve submitted valid bugs.

Mozilla has paid out $1.6 million over the course of its rewards program, Forbes wrote.